ldp.exe

CadProjekt K&A

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bytesendclear.com and multiple other hosts.

Publisher:
CadProjekt K&A

Description:
Light Decor Paradyż

Version:
2.0.8.3

MD5:
1531cd77841ad5e5a0edbac72d689d65

SHA-1:
b0dbf2c8235b726f52d4369ffeb7591d862e3882

SHA-256:
9431ea14db78f348e65e632ed0b6221537ef9532b7f2c691c8f4b3750dd93186

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/6/2024 11:24:03 PM UTC

Scan engine | Detection | Engine version
Rising Antivirus | PE:Trojan.Win32.Generic.14C2C29C!348308124 | 23.00.65.16128
ViRobot | Trojan.Win32.A.NSAnti.1411584 | 2011.4.7.4223

File size:
1.3 MB (1,411,584 bytes)

Product version:
1.0.0.0

Copyright:
CadProjekt K&A

Trademarks:
CadProjekt K&A

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\downloads\ldp.exe

File PE Metadata
Compilation timestamp:
6/9/2010 1:30:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:f7Zbs3ZYJh/v/H+188iQRkeDhPUT0k4E77pZeFvZCTHtFvTt6O950N7:jzXnv+188XbDhKgkmkTPLt6WK

Entry address:
0x50DDE0

Entry point:
60, BE, 00, 90, 7B, 00, 8D, BE, 00, 80, C4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
Packer / compiler:
UPX 2.90LZMA

Code size:
1.3 MB (1,400,832 bytes)

The file ldp.exe has been seen being distributed by the following 3 URLs.

http://www.bytesendclear.com/qgbsN3UJLdi0RbGZoFhcCpJtEWbAqALBIHroh1U7nZqMAjV5myDaZZhkBbwMNG3FV9YzGetkyfg8zyoVWd684Ef SAQGdMMXhF2dbpaSW_3kipwYnMBovLRpkYl9MeGam1qamWVmini707vvA_bduf3nfsU2q7flYsuCU BxRaHeXgIs8kmnXfC8PJvO5SCo3_cMw4sJuA4FCPkNWqLMnIpWHHHw9c8G FBhIwobKS QNXutA_gReakxfpLneMufVbPRi0uDjbmM5 2W t8_9e Qr_I1XGuJ1e4U9Pbei7vUr _3kDNm1cBPXpSoheTwMWep9LctkoIEZGfffOjcK ShN6hrQcoSeo7bZI AqkbrEW_1C3tVAOuG xqAUtV9JAaI6QRT9bd0IGcgoqeJzH4TRYuT cPgvE_XlMS10PcK YrUnxF1RhhQnCbMjU3JNXWDitweF4vmKcnJBs8 zUQ9Bjweu3nV3tpFfE53A5A1l5XwkJmZQU7sw8SkcJGHTX Qrs_sQp_j8J45wnAb3A6zPbYCxcDYfqGZOiJVbTugEu3i9dwv178J1iRVs_4Tu51 qJg5pPYfTCzDFgfKY0QJfj2xDXBLI2gaTnd_d9Rn9aTUCKc=-G2AAAGTYtrmEc6walw4THHLg8F2zwCUMNsb4jiN4 rnGFKXRrSCGjKhXhgaRPxAtHDLiyqCpDzUIiuAbtIOp4UFeMbgqIWvLSMgnyoh P7Q0AvYy-E

Scan ldp.exe - Powered by Reason Core Security